[conspire] Autodowload a Virus
Ross Bernheim
rossbernheim at speakeasy.net
Tue Jan 5 22:33:24 PST 2010
On Jan 5, 02010, at 9:15 PM, Rick Moen wrote:
> Quoting Don Marti (dmarti at zgp.org):
>
>> There's also a UI design problem. If a user clicks
>> on a web link, you don't want something like:
>>
>> Open "http://downloads.rat-bag.com/spyware/pwn.deb"
>> with "Nifty GUI Package Installer?"
>>
>> Then, if the user clicks "Yes" or "Install" or
>> whatever...
>>
>> Please enter your password to run "Nifty GUI Package
>> Installer" as root:
>>
>> The user actions required to install new software
>> are getting too close to the actions required to
>> open a file. The more different they are, the more
>> warning users get.
>
> Now, that's a really, really good point.
>
> Come to think of it, I'm not actually clear on what the user
> experience
> looks like, in any recent Ubuntu release, when you fetch and then
> double-click on a .deb file in GNOME's file-management thingie
> (Nautilus?). Maybe an Ubuntista would care to comment. (Thanks!)
I am only familiar with the Kubuntu variant and have developed the
habit of
installing Synaptic and using it to look for .debs in the repositories
that I have
authorized it to use. I like Synaptic's information on the package. I
will quite
often drop dow to the terminal and use apt-get to do the installation.
If it isn't in a recognized repository, I don't install it. I would
rather do without
than risk the problems that could occur with a bad .deb.
Ross
More information about the conspire
mailing list